‘T-Mobile MMS message has arrived’ themed emails lead to malware

A circulating malicious spam campaign attempts to trick T-Mobile customers into thinking that they’ve received a password-protected MMS. However, once gullible and socially engineered users execute the malicious attachment, they automatically compromise the confidentiality and integrity of their PCs, allowing the cybercriminals behind the campaign to gain complete control of them.

Once executed, the sample phones back to networksecurityx.hopto.org – 69.65.19.117

Additional subdomains are also known to have phoned back to the same IP in the past.
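The phone-back host and IP reported above can be turned into a quick sweep of DNS resolver logs. This is an added example, not part of the original post; the five-field log format, the sample lines, and the all-digit-label heuristic for hopto.org and no-ip.info hosts are assumptions made for illustration.

```python
import re

# Indicators taken from the post above.
C2_HOST = "networksecurityx.hopto.org"
C2_IP = "69.65.19.117"
# Assumption: all-digit host labels under these dynamic-DNS zones are suspicious.
DYNDNS_NUMERIC = re.compile(r"^\d+\.(hopto\.org|no-ip\.info)$")

# Constructed sample resolver log: timestamp client qname qtype answer
SAMPLE_LOG = """\
2024-01-01T09:15:02Z 10.0.0.23 NetworkSecurityX.hopto.org. A 69.65.19.117
2024-01-01T09:15:40Z 10.0.0.41 www.example.com. A 93.184.216.34
2024-01-01T09:16:11Z 10.0.0.23 0000000001.hopto.org. A 69.65.19.117
2024-01-01T09:17:05Z 10.0.0.57 0000000002.no-ip.info. A 198.51.100.7
2024-01-01T09:18:30Z 10.0.0.12 files.example.net. A 69.65.19.117
malformed line
"""

def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()

def classify(line):
    """Return (client, qname, reasons) for a matching log line, else None."""
    fields = line.split()
    if len(fields) != 5:
        return None  # skip lines that do not fit the assumed format
    _ts, client, qname, _qtype, answer = fields
    qname = normalize(qname)
    reasons = []
    if qname == C2_HOST:
        reasons.append("c2-host")
    if answer == C2_IP:
        reasons.append("c2-ip")  # catches other names pointing at the same IP
    if DYNDNS_NUMERIC.match(qname):
        reasons.append("numeric-dyndns")  # heuristic only, lower confidence
    return (client, qname, reasons) if reasons else None

def scan(log_text):
    """Classify every line and return the hits in log order."""
    hits = (classify(line) for line in log_text.splitlines())
    return [h for h in hits if h]

def affected_clients(hits):
    """Clients seen contacting the reported host or IP (high-confidence hits)."""
    return sorted({c for c, _q, r in hits if "c2-host" in r or "c2-ip" in r})

if __name__ == "__main__":
    for client, qname, reasons in scan(SAMPLE_LOG):
        print(client, qname, ",".join(reasons))
```

Hits tagged only `numeric-dyndns` are leads for review rather than confirmed infections, since legitimate hosts can also use dynamic-DNS names.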